VIRY.CZ

Dobrý den. Prosím Vás o kontrolu logu. Systém celkem dlouho nabíhá a poté je vytížení CPU stále kolem 80%-100%. V procesech ale žádná aplikace tolik nemá. Předem děkuji...


Logfile of random's system information tool 1.09 (written by random/random)
Run by Luboš at 2012-09-13 17:12:00
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 86 GB (56%) free of 153 GB
Total RAM: 1015 MB (26% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\DriverScanner.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{1E58EE40-7397-43B0-87C7-876B08708E1B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-08-14 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-11 3821568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll [2012-08-14 1002992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC200356-0864-4F66-8964-5D43A19300F5}]
AL2Spy Class - C:\PROGRA~1\AUTOLO~1\AL2DLL.Dll [2008-09-21 241664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\1003291502\ICQToolBar.dll [2010-01-03 1019128]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-08-14 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-29 4317184]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"Device Detector"=DevDetect.exe -autorun []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Nokia FastStart"=C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe /command:faststart []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-07-03 4273976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2011-04-22 247728]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-17 39408]
"DriverScanner"=C:\Program Files\Uniblue\DriverScanner\launcher.exe [2011-05-16 338296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Luboš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"vidc.xvid"=xvidvfw.dll
"VIDC.ACDV"=ACDV.dll
"vidc.ffds"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-09-13 17:12:01 ----D---- C:\Program Files\trend micro
2012-09-13 17:12:00 ----D---- C:\rsit
2012-09-10 13:54:46 ----D---- C:\Program Files\Common Files\Skype
2012-08-16 08:25:48 ----A---- C:\Windows\system32\win32k.sys
2012-08-15 06:45:41 ----A---- C:\Windows\system32\localspl.dll
2012-08-15 06:45:37 ----A---- C:\Windows\system32\netapi32.dll
2012-08-15 06:45:33 ----A---- C:\Windows\system32\wininet.dll
2012-08-15 06:45:33 ----A---- C:\Windows\system32\urlmon.dll
2012-08-15 06:45:32 ----A---- C:\Windows\system32\iertutil.dll
2012-08-15 06:45:30 ----A---- C:\Windows\system32\url.dll
2012-08-15 06:45:30 ----A---- C:\Windows\system32\mshtml.dll
2012-08-15 06:45:30 ----A---- C:\Windows\system32\jsproxy.dll
2012-08-15 06:45:29 ----A---- C:\Windows\system32\msfeeds.dll
2012-08-15 06:45:29 ----A---- C:\Windows\system32\ieframe.dll
2012-08-15 06:45:28 ----A---- C:\Windows\system32\mstime.dll
2012-08-15 06:45:28 ----A---- C:\Windows\system32\ieui.dll
2012-08-15 06:45:28 ----A---- C:\Windows\system32\iedkcs32.dll
2012-08-15 06:45:27 ----A---- C:\Windows\system32\mshtmled.dll
2012-08-15 06:45:27 ----A---- C:\Windows\system32\iesysprep.dll
2012-08-15 06:45:27 ----A---- C:\Windows\system32\iesetup.dll
2012-08-15 06:45:27 ----A---- C:\Windows\system32\iernonce.dll
2012-08-15 06:45:27 ----A---- C:\Windows\system32\iepeers.dll
2012-08-15 06:45:26 ----A---- C:\Windows\system32\occache.dll
2012-08-15 06:45:26 ----A---- C:\Windows\system32\msfeedssync.exe
2012-08-15 06:45:26 ----A---- C:\Windows\system32\msfeedsbs.dll
2012-08-15 06:45:26 ----A---- C:\Windows\system32\licmgr10.dll
2012-08-15 06:45:26 ----A---- C:\Windows\system32\ieUnatt.exe
2012-08-15 06:45:26 ----A---- C:\Windows\system32\ie4uinit.exe

======List of files/folders modified in the last 1 month======

2012-09-13 17:12:01 ----RD---- C:\Program Files
2012-09-13 17:11:43 ----D---- C:\Windows\Temp
2012-09-11 17:17:52 ----SHD---- C:\System Volume Information
2012-09-10 13:56:06 ----D---- C:\Users\Luboš\AppData\Roaming\Skype
2012-09-10 13:55:33 ----SHD---- C:\Windows\Installer
2012-09-10 13:55:32 ----D---- C:\ProgramData\Skype
2012-09-10 13:54:47 ----RD---- C:\Program Files\Skype
2012-09-10 13:54:46 ----D---- C:\Program Files\Common Files
2012-08-19 19:25:21 ----D---- C:\Windows\system32\catroot2
2012-08-16 10:56:11 ----D---- C:\Windows\System32
2012-08-16 10:56:11 ----D---- C:\Program Files\Internet Explorer
2012-08-16 10:56:10 ----D---- C:\Windows\system32\migration
2012-08-16 08:32:53 ----D---- C:\ProgramData\Microsoft Help
2012-08-16 08:27:05 ----A---- C:\Windows\system32\mrt.exe
2012-08-16 08:26:50 ----D---- C:\Windows\winsxs
2012-08-16 08:26:03 ----D---- C:\Windows\system32\catroot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-09-16 717296]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2012-07-03 35928]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-07-03 721000]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-07-03 353688]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-07-03 54232]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-07-03 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-07-03 57656]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-02 1668456]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2008-09-11 10368]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 a1r6yddj;a1r6yddj; C:\Windows\system32\drivers\a1r6yddj.sys []
S3 cdrmkaun;cdrmkaun; \??\C:\Users\LUBO~1\AppData\Local\Temp\cdrmkaun.sys [2009-01-02 31744]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-22 611664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-07-03 44808]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-14 194032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Zdravím.

Vydrž minutku, na logu se intenzivně pracuje.

Takže, pokud je tam najdeš, tak v nabídce Přidat nebo odebrat programy odinstaluj tyto toolbary:

• DAEMON Tools Toolbar, ICQToolBar, Ask Toolbar a Google Toolbar.

Toolbary (lišty prohlížečů) jsou veliká "zdržovadla" systému a v případě například Ask.com Toolbar, Conduit Engine a dalších se dá hovořit už i o havěti.

Dále, pokud jsi tak již neučinil, odinstaluj také Lavasoft Ad-Aware. Program má svá nejlepší léta již dávno za sebou a není schopen čelit aktuálním hrozbám.


Až to všechno provedeš, tak stáhni OTL z tohoto odkazu a ulož jej na Plochu.

• Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
• Zaškrtni okénko Pro všechny uživatele.
• Zaškrtni okénko Kontrola na havěť "LOP".
• Zaškrtni okénko Kontrola na havěť "Purity".
• Stáři souborů změň z 30 dnů na 7 dnů!!
• Do spodního okénka Vlastní skenování/opravy vlož tento script (pouze zelená písmenka v bílém poli!):

• Klikni na tlačítko [Prohledat].
• Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vlož.
• Logy se nevejdou do jednoho, rozděl je tedy prosím do více příspěvků.

OTL logfile created on: 13.9.2012 21:28:06 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = F:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,52 Mb Total Physical Memory | 247,06 Mb Available Physical Memory | 24,35% Memory free
2,23 Gb Paging File | 1,39 Gb Available in Paging File | 62,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 84,19 Gb Free Space | 56,48% Space Free | Partition Type: NTFS
Drive F: | 1,84 Gb Total Space | 0,56 Gb Free Space | 30,64% Space Free | Partition Type: FAT

Computer Name: DOMOV | User Name: Luboš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.09.13 21:24:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.04.22 14:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.09.20 15:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.09.20 15:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006.12.29 05:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2005.12.21 20:23:58 | 000,278,528 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe


========== Modules (No Company Name) ==========

MOD - [2010.11.24 09:33:41 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2008.10.11 23:18:46 | 000,319,488 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2008.10.09 17:19:08 | 000,421,376 | ---- | M] () -- C:\Program Files\ZF\ZFTmp\ZMenu.DLL
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aa3occua)
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.01.02 07:56:19 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Luboš\AppData\Local\Temp\cdrmkaun.sys -- (cdrmkaun)
DRV - [2008.09.16 19:37:03 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.09.11 17:20:57 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2008.02.14 08:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.12.05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... C1ADD1299D
IE - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... 1I7ADSA_cs
IE - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)


[2009.12.11 16:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luboš\AppData\Roaming\Mozilla\Extensions
[2009.12.11 16:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luboš\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AL2Spy Class) - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\Program Files\AutoLogin\AL2DLL.Dll (Fineart)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKU\S-1-5-21-3933189071-1421474198-2244348519-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll ()
O9 - Extra 'Tools' menuitem : Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll ()
O9 - Extra Button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E28C61F-5AAA-4FEA-9990-E1492A71044B}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Luboš\Pictures\Bečice 2011\SDC12616.JPG
O24 - Desktop BackupWallPaper: C:\Users\Luboš\Pictures\Bečice 2011\SDC12616.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3120fbe6-8416-11dd-ab75-001d9297f482}\Shell - "" = AutoRun
O33 - MountPoints2\{3120fbe6-8416-11dd-ab75-001d9297f482}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{457e21d8-7dc5-11dd-925e-001d9297f482}\Shell - "" = AutoRun
O33 - MountPoints2\{457e21d8-7dc5-11dd-925e-001d9297f482}\Shell\AutoRun\command - "" = G:\autoverify.exe
O33 - MountPoints2\{4d8e8f4b-7dce-11dd-bac0-001d9297f482}\Shell\AutoRun\command - "" = PStart.exe
O33 - MountPoints2\{63623ec8-92d0-11dd-bf98-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{63623ec8-92d0-11dd-bf98-806e6f6e6963}\Shell\Open(0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{79d62fa1-9398-11dd-b490-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{79d62fa1-9398-11dd-b490-806e6f6e6963}\Shell\Open(0)\command - "" = Recycled\ctfmon.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\Windows\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.09.13 17:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.09.13 17:12:00 | 000,000,000 | ---D | C] -- C:\rsit
[2012.09.10 13:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.10 13:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

========== Files - Modified Within 7 Days ==========

[2012.09.13 21:31:30 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.09.13 21:04:35 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 21:04:35 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 21:03:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.13 21:01:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.13 21:01:40 | 1064,558,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.13 18:47:13 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.13 17:14:26 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.13 17:14:25 | 000,635,756 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.09.13 17:14:25 | 000,134,582 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.09.13 17:14:25 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.13 17:10:08 | 000,781,383 | ---- | M] () -- C:\Users\Luboš\Desktop\RSIT.exe

========== Files Created - No Company Name ==========

[2012.09.13 21:31:30 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.09.13 17:11:26 | 000,781,383 | ---- | C] () -- C:\Users\Luboš\Desktop\RSIT.exe
[2011.07.30 20:25:21 | 000,000,000 | ---- | C] () -- C:\Users\Luboš\AppData\Local\{B41E8DA2-D3E9-4462-8C19-DE394F58BF5F}
[2011.03.29 16:29:01 | 000,000,680 | ---- | C] () -- C:\Users\Luboš\AppData\Local\d3d9caps.dat
[2010.11.24 09:33:41 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.10.09 19:12:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.10.08 17:46:07 | 000,024,206 | ---- | C] () -- C:\Users\Luboš\AppData\Roaming\UserTile.png
[2008.09.10 19:39:52 | 000,000,093 | ---- | C] () -- C:\Users\Luboš\AppData\Local\fusioncache.dat
[2008.09.10 19:33:09 | 000,018,342 | ---- | C] () -- C:\Users\Luboš\_0A3E9B437C4D071D3EE6ED0BB7830DE1
[2008.09.08 19:33:35 | 000,048,128 | ---- | C] () -- C:\Users\Luboš\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2008.09.11 17:23:59 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\ACD Systems
[2008.09.16 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\DAEMON Tools
[2009.12.03 16:59:26 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\GHISLER
[2011.07.30 15:53:07 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\ICQ
[2010.01.07 17:31:02 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\muvee Technologies
[2011.06.03 10:24:15 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\Nitro PDF
[2009.03.09 19:34:49 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\Nokia
[2012.03.31 19:55:44 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\OpenCandy
[2009.03.08 13:20:33 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\PC Suite
[2009.12.11 16:23:47 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\TomTom
[2012.04.04 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\TuneUp Software
[2012.09.12 17:07:51 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.18 14:47:42 | 000,000,466 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1E58EE40-7397-43B0-87C7-876B08708E1B}.job

========== Purity Check ==========



========== Custom Scans ==========

< >

< netsvc >

< >

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 08:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.11 08:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.21 04:34:33 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.21 04:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.21 04:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.11 08:32:46 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: SCECLI.DLL >
[2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SVCHOST.EXE >
[2008.01.21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009.04.11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011.09.20 23:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2009.12.08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011.06.17 22:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2012.03.30 14:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\System32\drivers\tcpip.sys
[2012.03.30 14:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
[2010.02.18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009.12.08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009.12.08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010.06.16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011.06.17 22:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010.06.16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010.06.16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011.09.20 23:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2008.04.26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.12.08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009.12.08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.12.08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2012.03.30 14:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2008.01.21 04:34:55 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< >

< %systemroot%*.* /U /s >
[11 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Globalization\*.tmp files -> C:\Windows\Globalization\*.tmp -> ]
[26 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[16 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\twain_32\*.tmp files -> C:\Windows\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.09.11 17:23:59 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\ACD Systems
[2009.03.23 14:13:14 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\Adobe
[2008.09.24 18:33:50 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\AdobeUM
[2008.09.11 18:01:37 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\CyberLink
[2008.09.16 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\DAEMON Tools
[2008.12.15 15:42:46 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\dvdcss
[2008.09.08 19:55:20 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\FastStone
[2009.12.03 16:59:26 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\GHISLER
[2010.01.17 13:22:38 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\Google
[2008.09.24 19:55:16 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\HP
[2008.09.12 14:38:18 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\HPAppData
[2011.07.30 15:53:07 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\ICQ
[2008.09.08 18:21:22 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\Identities
[2010.04.04 10:13:26 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\InstallShield
[2008.09.13 02:09:16 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\Macromedia
[2008.09.11 18:35:28 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\Media Player Classic
[2011.06.08 20:07:43 | 000,000,000 | --SD | M] -- C:\Users\Luboš\AppData\Roaming\Microsoft
[2009.12.11 16:23:53 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\Mozilla
[2010.01.07 17:31:02 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\muvee Technologies
[2008.09.11 17:15:21 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\Nero
[2011.06.03 10:24:15 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\Nitro PDF
[2009.03.09 19:34:49 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\Nokia
[2012.03.31 19:55:44 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\OpenCandy
[2009.03.08 13:20:33 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\PC Suite
[2012.09.10 13:56:06 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\Skype
[2010.11.24 11:17:52 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\skypePM
[2009.12.11 16:23:47 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\TomTom
[2012.04.04 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\TuneUp Software
[2010.02.16 20:39:42 | 000,000,000 | ---D | M] -- C:\Users\Luboš\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2011.06.09 21:03:56 | 005,845,528 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Luboš\AppData\Roaming\OpenCandy\C97019F6F8FA456FA206BFC040480170\driverscanner (33).exe
[2011.02.04 12:07:30 | 000,356,576 | ---- | M] () -- C:\Users\Luboš\AppData\Roaming\OpenCandy\OpenCandy_0DF1CC0D0EB943EF856AC0E3996BC1E9\LatestDLMgr.exe
[2011.02.04 12:08:23 | 031,880,832 | ---- | M] () -- C:\Users\Luboš\AppData\Roaming\OpenCandy\OpenCandy_0DF1CC0D0EB943EF856AC0E3996BC1E9\NitriPDFen32_p1v2.exe
[2011.02.04 11:37:24 | 000,356,576 | ---- | M] () -- C:\Users\Luboš\AppData\Roaming\OpenCandy\OpenCandy_2DE24C5E85F2438FA0D156EA20C178EE\LatestDLMgr.exe
[2010.12.18 00:07:06 | 000,043,440 | ---- | M] () -- C:\Users\Luboš\AppData\Roaming\OpenCandy\OpenCandy_2DE24C5E85F2438FA0D156EA20C178EE\SpeedstarterCZ.exe
[2010.12.17 19:48:22 | 001,720,472 | ---- | M] (Speedchecker Limited ) -- C:\Users\Luboš\AppData\Roaming\OpenCandy\OpenCandy_2DE24C5E85F2438FA0D156EA20C178EE\ZrychleniPocitace.exe
[2011.02.04 11:38:37 | 001,842,096 | ---- | M] () -- C:\Users\Luboš\AppData\Roaming\OpenCandy\OpenCandy_2DE24C5E85F2438FA0D156EA20C178EE\ZrychleniPocitace_p2v1.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012.09.13 21:03:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.09.13 21:48:08 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.12.18 14:47:42 | 000,000,466 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1E58EE40-7397-43B0-87C7-876B08708E1B}.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.09.16 19:37:03 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.09.13 21:04:35 | 000,004,176 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 21:04:35 | 000,004,176 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 17:14:25 | 000,134,582 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.09.13 17:14:25 | 000,116,946 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.09.13 17:14:25 | 000,635,756 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.09.13 17:14:26 | 000,625,384 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.09.13 17:14:25 | 001,508,158 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< %userprofile%\Plocha\*.* >

< %userprofile%\Desktop\*.* >
[2008.09.08 19:04:22 | 000,000,456 | -HS- | M] () -- C:\Users\Luboš\Desktop\desktop.ini
[2008.09.08 19:44:05 | 000,000,792 | ---- | M] () -- C:\Users\Luboš\Desktop\DVD Shrink 3.2.lnk
[2010.09.24 16:34:19 | 000,003,417 | ---- | M] () -- C:\Users\Luboš\Desktop\Lubos Prejza.rar
[2008.09.11 18:12:07 | 000,000,895 | ---- | M] () -- C:\Users\Luboš\Desktop\Media Player Classic.lnk
[2012.01.24 15:53:30 | 000,002,629 | ---- | M] () -- C:\Users\Luboš\Desktop\Microsoft Office Excel 2003.lnk
[2012.01.24 16:23:32 | 000,002,673 | ---- | M] () -- C:\Users\Luboš\Desktop\Microsoft Office Word 2003.lnk
[2009.03.09 20:35:24 | 000,001,985 | ---- | M] () -- C:\Users\Luboš\Desktop\Nokia Photos.lnk
[2012.09.13 17:10:08 | 000,781,383 | ---- | M] () -- C:\Users\Luboš\Desktop\RSIT.exe
[2009.12.16 21:34:38 | 041,120,576 | ---- | M] () -- C:\Users\Luboš\Desktop\setupcze.exe
[2011.08.10 08:13:07 | 056,167,608 | ---- | M] () -- C:\Users\Luboš\Desktop\setup_av_free.exe
[2011.07.30 15:22:19 | 001,081,480 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Luboš\Desktop\SkypeSetup.exe
[2008.09.11 20:25:33 | 000,000,136 | ---- | M] () -- C:\Users\Luboš\Desktop\Spider Solitaire – zástupce.lnk
[2008.09.01 01:21:32 | 002,206,824 | ---- | M] (C. Ghisler & Co.) -- C:\Users\Luboš\Desktop\tcmdr704.exe
[2009.12.03 16:59:29 | 000,000,584 | ---- | M] () -- C:\Users\Luboš\Desktop\Total Commander.lnk
[2008.09.11 18:23:07 | 000,000,840 | ---- | M] () -- C:\Users\Luboš\Desktop\VLCPortable.lnk
[2008.09.08 19:04:22 | 000,000,944 | ---- | M] () -- C:\Users\Luboš\Desktop\Windows Media Player.lnk
[2012.01.24 16:07:10 | 000,440,100 | ---- | M] (Vitware.cz) -- C:\Users\Luboš\Desktop\WordManagerDemo.exe
[2012.01.24 16:17:22 | 570,570,144 | ---- | M] (Microsoft Corporation) -- C:\Users\Luboš\Desktop\X16-32004Office2010CzechSingleImage32bit.exe

< %ALLUSERSPROFILE%\Plocha\*.* >

< %ALLUSERSPROFILE%\Desktop\*.* >

< *crack* /s >

< *keygen* /s >

< *loader* /s >

< *RemoveWAT* /s >

< *minodlogin* /s >

< *tnod* /s >

< *TemDono* /s >

< *AutoKMS* /s >

< *KMSEmulator* /s >

< *activator* /s >

< *serial* /s >

< *w7lxe* /s >

< *AutoRearm* /s >

< >

< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Windows Defender" = %ProgramFiles%\Windows Defender\MSASCui.exe -hide -- [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation)
"RtHDVCpl" = RtHDVCpl.exe -- [2006.12.29 05:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor)
"NeroFilterCheck" = C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe -- [2007.03.01 15:57:24 | 000,153,136 | ---- | M] (Nero AG)
"NBKeyScan" = "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" -- [2007.09.20 09:51:46 | 001,836,328 | ---- | M] (Nero AG)
"Device Detector" = DevDetect.exe -autorun
"HP Software Update" = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe -- [2007.03.11 21:34:40 | 000,049,152 | ---- | M] (Hewlett-Packard Co.)
"Monitor" = C:\Windows\PixArt\PAC207\Monitor.exe -- [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation)
"IgfxTray" = C:\Windows\system32\igfxtray.exe -- [2008.02.11 20:13:12 | 000,141,848 | ---- | M] (Intel Corporation)
"HotKeysCmds" = C:\Windows\system32\hkcmd.exe -- [2008.02.11 20:13:02 | 000,166,424 | ---- | M] (Intel Corporation)
"Persistence" = C:\Windows\system32\igfxpers.exe -- [2008.02.11 20:13:08 | 000,133,656 | ---- | M] (Intel Corporation)
"Nokia FastStart" = "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
"GrooveMonitor" = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" -- [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime -- [2010.08.10 05:15:54 | 000,421,888 | ---- | M] (Apple Inc.)
"avast" = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui -- [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed" = 1
"NoChange" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed" = 1

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" -- [2007.09.20 15:35:10 | 000,202,024 | ---- | M] (Nero AG)
"msnmsgr" = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"TomTomHOME.exe" = "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -- [2011.04.22 14:21:10 | 000,247,728 | ---- | M] (TomTom)

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.09.13 21:31:30 | 000,000,512 | ---- | M] () MD5=435C51D00A630DC08B94AD939937643E -- C:\PhysicalMBR.bin

========== Files - Unicode (All) ==========
[2008.10.09 18:21:25 | 000,000,000 | ---D | M](C:\Users\Lubo?\AppData\Roaming\Nokia) -- C:\Users\Luboš\AppData\Roaming\Nokia

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT

< End of report >

OTL Extras logfile created on: 13.9.2012 21:28:06 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = F:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,52 Mb Total Physical Memory | 247,06 Mb Available Physical Memory | 24,35% Memory free
2,23 Gb Paging File | 1,39 Gb Available in Paging File | 62,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 84,19 Gb Free Space | 56,48% Space Free | Partition Type: NTFS
Drive F: | 1,84 Gb Total Space | 0,56 Gb Free Space | 30,64% Space Free | Partition Type: FAT

Computer Name: DOMOV | User Name: Luboš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35ED4CF7-B191-4CE2-850A-9ED745026A56}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{38AE3966-C155-4059-881F-D5FEA052C5D9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{600EB927-7C18-4292-8E43-7752E6C9003D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A0CCF294-8393-4232-AC36-C585F1DC9ED1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F8D9DE-6AC5-4BFF-8B6A-9D8FE425002D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{0D79F29C-5F2B-4EC2-A702-AEE26BB7E66D}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{0FB767D0-7013-44E7-ABD3-BC395833667E}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{22422170-B73E-40F6-8A0F-63868E436D34}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{2BFADFF5-4B2B-4C5E-84CF-A344F5E8E5DB}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{46BC5CF8-2AE5-4A15-BFD9-B9EEE0B608F2}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{50867C8C-5833-4048-BDA2-E00A3CF6AF8F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5A61965B-39C8-4657-9632-DFAF3CDBB578}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8E2ECF73-6C21-4C46-8B0C-44CED9F67283}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{95B8C444-4064-4127-A87D-42981AA1AD50}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{971CA3A7-433C-4387-AF17-67605A110269}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{B3840ED0-E451-42C8-84A9-783EDF76B60C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B48BBCC3-BEC6-4EE2-87EE-CD01AEE9981D}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymedia.exe |
"{BA35FD5A-A4F4-44CC-9560-8DB300778309}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CAF0B08B-B104-4A59-A0D0-10FF477C2334}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{D998F723-B710-400E-85F5-694D1536133C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{E9749625-F248-489A-B929-24ADD332C93D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E9CD8619-BA0D-450B-9E13-A2941A427B49}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymedia.exe |
"{EB1FB5C3-3EA5-4056-9088-B8AE7E70CD6F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EFB21584-38B0-4ABD-A5CF-9785B1AC089A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F4A11389-7C7C-46C0-A991-D9B1AC94A0E3}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{FABEF116-201F-497C-8635-C4EDC7907730}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{FF4BE268-36AF-4557-AC24-F4814CC43814}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymediaserver.exe |
"TCP Query User{53566193-80D4-42DB-BF54-FB199984788C}C:\program files\elite warriors - vietnam\sog.exe" = protocol=6 | dir=in | app=c:\program files\elite warriors - vietnam\sog.exe |
"TCP Query User{59D3FA36-E14F-4295-A66A-6C137D46BA12}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5B100B7B-689B-4E03-972E-3CB51DC80A9F}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{700479A1-F60B-4336-918F-EAE6C32421AE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7088145D-4474-45B1-A2D3-458085EF8346}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{7F084AD2-CF96-4685-805A-020C505A58CD}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{8FCF4D97-E28C-4CD5-B1C4-DF5B996A9DE6}C:\hanka\pocket tanks\pockettanks.exe" = protocol=6 | dir=in | app=c:\hanka\pocket tanks\pockettanks.exe |
"TCP Query User{99A8BBC2-2540-4E2E-B0B7-9442872C9D2B}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{EE247DDE-A1B6-4E7F-9042-C48A985B20EF}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe |
"TCP Query User{F77FFD27-3406-4736-A758-7201B208B1AD}C:\program files\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\program files\flatout\flatout.exe |
"UDP Query User{0764542F-DD56-4407-BA3E-8CAC6F2E938B}C:\program files\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\program files\flatout\flatout.exe |
"UDP Query User{30A017A9-26BC-49D8-B291-FB10BE546564}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{58F093C8-D637-4658-899E-505CD6CC3693}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{6A0EE8A4-8E67-4819-B76C-8A605EE40D68}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe |
"UDP Query User{6D178EBA-6091-4D75-8A3F-7D12CD2B65A0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{83712D6F-DF55-47C9-8F31-76FFBD61D6E0}C:\program files\elite warriors - vietnam\sog.exe" = protocol=17 | dir=in | app=c:\program files\elite warriors - vietnam\sog.exe |
"UDP Query User{AAF247FD-EA46-4002-A8E5-24379B479CC8}C:\hanka\pocket tanks\pockettanks.exe" = protocol=17 | dir=in | app=c:\hanka\pocket tanks\pockettanks.exe |
"UDP Query User{E1B26603-70C0-49C1-9ACB-8A0185435DBB}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{F6837BE8-D8D5-4059-9728-A1551EC6EF3B}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{F90DB6F0-CAE4-4119-9AA2-95EE53F0A400}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F8A555E-F2E1-415D-AD8A-67C0A7671029}" = Nero 8
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Balíček ovladače systému Windows - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"aTube Catcher" = aTube Catcher
"avast" = avast! Free Antivirus
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Balíček ovladače systému Windows - Nokia Modem (05/22/2008 3.8)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Zkušební verze produktu Microsoft Office Enterprise 2007
"FastStone Image Viewer" = FastStone Image Viewer 3.2
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"oggcodecs" = oggcodecs 0.70.0827
"PhotoFiltre" = PhotoFiltre
"Pocket Tanks_is1" = Pocket Tanks v1.3
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Totalcmd" = Total Commander (Remove or Repair)
"VobSub" = VobSub v2.23 (Remove Only)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XP Codec Pack" = XP Codec Pack
"Xvid CZ 1.01_is1" = Xvid CZ 1.01

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Verdict Free" = Slovník Verdict Free (a internetový překladač)

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 23.9.2008 11:56:00 | Computer Name = domov | Source = avast! | ID = 33554522
Description =

Error - 13.3.2009 14:58:49 | Computer Name = domov | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 7.9.2012 19:34:58 | Computer Name = domov | Source = WinMgmt | ID = 10
Description =

Error - 9.9.2012 12:22:53 | Computer Name = domov | Source = WinMgmt | ID = 10
Description =

Error - 10.9.2012 7:45:13 | Computer Name = domov | Source = WinMgmt | ID = 10
Description =

Error - 10.9.2012 10:18:56 | Computer Name = domov | Source = WinMgmt | ID = 10
Description =

Error - 11.9.2012 10:25:10 | Computer Name = domov | Source = WinMgmt | ID = 10
Description =

Error - 12.9.2012 10:27:01 | Computer Name = domov | Source = WinMgmt | ID = 10
Description =

Error - 13.9.2012 11:01:47 | Computer Name = domov | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =

Error - 13.9.2012 11:02:24 | Computer Name = domov | Source = WinMgmt | ID = 10
Description =

Error - 13.9.2012 11:44:01 | Computer Name = domov | Source = VSS | ID = 8194
Description =

Error - 13.9.2012 15:03:30 | Computer Name = domov | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 7.1.2010 11:42:49 | Computer Name = domov | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 24 seconds with 0 seconds of active time. This session ended with a crash.

Error - 8.1.2010 7:48:37 | Computer Name = domov | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 41 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9.1.2010 14:05:17 | Computer Name = domov | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 21 seconds with 0 seconds of active time. This session ended with a crash.

Error - 13.1.2010 17:53:33 | Computer Name = domov | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 43 seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.1.2010 12:11:52 | Computer Name = domov | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 73 seconds with 60 seconds of active time. This session ended with a crash.

Error - 23.1.2010 12:53:56 | Computer Name = domov | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 92 seconds with 60 seconds of active time. This session ended with a crash.

Error - 27.1.2010 3:33:31 | Computer Name = domov | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 90 seconds with 60 seconds of active time. This session ended with a crash.

Error - 3.2.2010 13:07:13 | Computer Name = domov | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 79 seconds with 60 seconds of active time. This session ended with a crash.

Error - 6.2.2010 3:50:49 | Computer Name = domov | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 85 seconds with 60 seconds of active time. This session ended with a crash.

Error - 20.5.2012 10:06:11 | Computer Name = domov | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 1061 seconds with 240 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 10.9.2012 7:45:13 | Computer Name = domov | Source = Service Control Manager | ID = 7011
Description =

Error - 10.9.2012 8:00:55 | Computer Name = domov | Source = DCOM | ID = 10010
Description =

Error - 11.9.2012 10:29:20 | Computer Name = domov | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.100.10 pro síťovou kartu s adresou 001D9297F482
byla serverem DHCP 10.199.240.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 12.9.2012 10:24:29 | Computer Name = domov | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (16:02:20, 12.9.2012) bylo neočekávané.

Error - 13.9.2012 11:02:24 | Computer Name = domov | Source = Service Control Manager | ID = 7011
Description =

Error - 13.9.2012 11:02:24 | Computer Name = domov | Source = Service Control Manager | ID = 7031
Description =

Error - 13.9.2012 11:45:25 | Computer Name = domov | Source = WinDefend | ID = 1008
Description = U programu %%827 došlo k chybě při provádění akce na ochranu před
spywarem nebo jiným potenciálně nežádoucím softwarem. Další informace najdete v následující
části: http://go.microsoft.com/fwlink/?linkid= ... tid=159633

ID
prohledávání: {CC75763F-3172-4100-A630-36A82E7A17E3} Typ prohledávání: %%802 Uživatel:
domov\Luboš Název: Adware:Win32/OpenCandy ID: 159633 ID závažnosti: 1 ID kategorie:
1 Cesta: Akce: %%811 Kód chyby: 0x80508022 Popis chyby: Odebírání spywaru a dalšího
potenciálně nežádoucího softwaru dokončíte restartováním počítače.

Error - 13.9.2012 15:01:45 | Computer Name = domov | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (19:28:15, 13.9.2012) bylo neočekávané.

Error - 13.9.2012 15:03:30 | Computer Name = domov | Source = Service Control Manager | ID = 7009
Description =

Error - 13.9.2012 15:03:30 | Computer Name = domov | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Pokud to jde, odinstaluj z počítače Zrychlení počítače - vůbec nic to nezrychluje.
Vyčisti si Plochu, máš na ní příliš veliké soubory, což může způsobovat zpomalení chodu systému. Plocha by měla mít velikost maximálně tak 300 MB.

Následující soubory otestuj na stránkách VirusTotal.

• C:\Users\Luboš\AppData\Local\Temp\cdrmkaun.sys
• Klikni na [Choose File].
• Soubor nehledej, jen vlož cestu souboru, který chci otestovat.
• Klikni na [Scan it!].
• Pokud na Tebe vyskočí obrazovka podobná té, co je níže, klikni na [Reanalyse]!
  
• Výsledek analýzy mi sem vlož (jako odkaz).

Program jsem odstranil a soubor otestoval. Aktuálně se stav CPU snížil na 10% a méně, ale pro změnu vylítlo využití operační paměti na 92%.

https://www.virustotal.com/file/1ad5d9c ... 347888914/

Ještě nemáme hotovo, tak nedělej žádné závěry.


Fixni v HJT níže uvedené položky.

• Fixnout znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek.
• Poté klikneš na [Fix checked] a odsouhlasíš [ANO].
• Položky, které v seznamu nenajdeš, prostě přeskoč.
• HJT najdeš zde: C:\Program Files\trend micro\Luboš.exe

O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)


Pak spusť znovu OTL.

• Pokud používáš operační systém Windows Vista či Windows 7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
• Do spodního okénka Vlastní skenování/opravy vlož tento script (pouze zelená písmenka v bílém poli, včetně té dvojtečky před Commands!):

• Klikni na tlačítko [Opravit].
• Po dokončení skenu se objeví log, ten mi sem vlož.
• Pokud se log nevejde do jednoho příspěvku, rozděl jej na více částí.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: Luboš

User: Luboš
->Temp folder emptied: 941122916 bytes
->Temporary Internet Files folder emptied: 1251178587 bytes
->Google Chrome cache emptied: 6614279 bytes
->Flash cache emptied: 72899 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 929172606 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 983,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Luboš

User: Luboš
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

========== SERVICES/DRIVERS ==========
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Error: No service named aawservice was found to stop!
Service\Driver key aawservice not found.
Error: No service named ICQ Service was found to stop!
Service\Driver key ICQ Service not found.
Service Nero BackItUp Scheduler 3 stopped successfully!
Service Nero BackItUp Scheduler 3 deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Error: No service named gusvc was found to stop!
Service\Driver key gusvc not found.
========== OTL ==========
Service pccsmcfd stopped successfully!
Service pccsmcfd deleted successfully!
File system32\DRIVERS\pccsmcfd.sys not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Error: No service named aa3occua was found to stop!
Service\Driver key aa3occua not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ not found.
HKU\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-3933189071-1421474198-2244348519-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Windows\System32\perfh009.dat moved successfully.
C:\Windows\System32\perfh005.dat moved successfully.
C:\Windows\System32\perfc005.dat moved successfully.
C:\Windows\System32\perfc009.dat moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1566.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2EBD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP743B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7676.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP82EB.tmp\mscorlib.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP82EB.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP86C1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9AF7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9B0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA5B0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0D7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE086.tmp folder deleted successfully.
C:\Windows\Globalization\tl-PH-Nokia.tmp0 deleted successfully.
C:\Windows\Installer\MSI101D.tmp deleted successfully.
C:\Windows\Installer\MSI2574.tmp deleted successfully.
C:\Windows\Installer\MSI2D44.tmp deleted successfully.
C:\Windows\Installer\MSI43CE.tmp deleted successfully.
C:\Windows\Installer\MSI47A7.tmp deleted successfully.
C:\Windows\Installer\MSI4CD9.tmp deleted successfully.
C:\Windows\Installer\MSI5F24.tmp deleted successfully.
C:\Windows\Installer\MSI6533.tmp deleted successfully.
C:\Windows\Installer\MSI6709.tmp deleted successfully.
C:\Windows\Installer\MSI69A8.tmp deleted successfully.
C:\Windows\Installer\MSI6A94.tmp deleted successfully.
C:\Windows\Installer\MSI7707.tmp deleted successfully.
C:\Windows\Installer\MSI9BF1.tmp deleted successfully.
C:\Windows\Installer\MSIA08D.tmp deleted successfully.
C:\Windows\Installer\MSIAB5C.tmp deleted successfully.
C:\Windows\Installer\MSIADC8.tmp deleted successfully.
C:\Windows\Installer\MSIB13E.tmp deleted successfully.
C:\Windows\Installer\MSIB2B6.tmp deleted successfully.
C:\Windows\Installer\MSIB599.tmp deleted successfully.
C:\Windows\Installer\MSIB7F0.tmp deleted successfully.
C:\Windows\Installer\MSIBFAB.tmp deleted successfully.
C:\Windows\Installer\MSIC345.tmp deleted successfully.
C:\Windows\Installer\MSICD2.tmp deleted successfully.
C:\Windows\Installer\MSIDB87.tmp deleted successfully.
C:\Windows\Installer\MSIF208.tmp deleted successfully.
C:\Windows\Installer\MSIFDA.tmp deleted successfully.
C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt23EF.tmp deleted successfully.
C:\Windows\twain_32\hpqgnds2.tmp deleted successfully.
ADS C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
File\Folder C:\Program Files\Ask.com not found.
File\Folder C:\Program Files\Google\Google Toolbar not found.
File\Folder C:\Program Files\Google\GoogleToolbarNotifier not found.
C:\Users\Luboš\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Luboš\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Luboš\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar folder moved successfully.
C:\Program Files\ICQ6Toolbar\1003291502 folder moved successfully.
C:\Program Files\ICQ6Toolbar folder moved successfully.
File\Folder C:\Program Files\Lavasoft not found.
File\Folder C:\Windows\tasks\DriverScanner.job not found.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\User_Feed_Synchronization-{1E58EE40-7397-43B0-87C7-876B08708E1B}.job moved successfully.
C:\Users\Luboš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC200356-0864-4F66-8964-5D43A19300F5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC200356-0864-4F66-8964-5D43A19300F5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NBKeyScan deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IgfxTray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Nokia FastStart deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DriverScanner not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp2 scheduled to be deleted on reboot.

OTL by OldTimer - Version 3.2.61.3 log created on 09172012_175721

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp2 scheduled to be deleted on reboot.

Výborně, OTL provedlo, co mělo a mimo jiné smazalo i téměř 3 GB bordýlku.

Jak se chová počítač nyní?

Procesor a RAM vypadají dobře. Dokonce i celkem slušně najíždí systém. Snad už bude vše v pořádku. Moc děkuji za pomoc...

No vidíš. Jsem rád, že vše běhá tak jak má. Takže ještě dočistíme a máme hotovo.


OTC http://oldtimer.geekstogo.com/OTC.exe

• Stáhni a spusť.
• Klikni na CleanUp a potvrď YES.
• Program uklidí a může (nemusí) restartovat PC.

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stáhni a spusť.
• Klikni na Start a potvrď OK.
• Program uklidí a může (nemusí) restartovat PC.
• Po použití utilitu smaž.

Pokud nemáš, stáhni CCleaner z tohoto odkazu.

• Panel čistič
• Vše nech jak je, jen dej Analyzovat a poté Spustit CCleaner.

• Panel registry
• Klikni na Hledej problémy.
• Následně na Opravit problémy - zálohu registrů doporučuji udělat, oprav všechny problémy.
• Postup opakuj, dokud nebude bez problémů - většinou cca 3x.

• Panel nástroje
• Zde můžeš odinstalovat nepotřebné programy.

CCleaner doporučuji používat cca jednou za týden.

... a pokud nejsou žádné dotazy, bylo by to z mé strany vše.

Paráda. PC šlape jako dříve. Ještě jednou moc děkuji za pomoc...

Tak to moc rád slyším.


Není tedy vůbec zač a rádo se stalo. Přeji pěkný den.